Placing an air gap between your network and your backup device would be a good way to protect your data from ransomware, but how could you back up to a device that’s off the network? You’d have to keep connecting and disconnecting it every time you wanted to back up - which could be several times a day - and that would be a headache. That brings us back to the air gap backup. Then, once it wipes out or otherwise infects the backups, it continues infecting all of your other endpoints. Unfortunately, the bad actors know that which is why the ransomware first scans the network looking for where you store your backups. Naturally, if you’re hit with ransomware, you’ll try to restore from your most recent, clean backup instead of paying the ransom. To cause as much havoc as possible, ransomware propagates quickly, and if your backup data is on the network being crawled, then it’s in danger. Or it could find a network switch and propagate itself by infecting devices connected to the switch.
#Air gapped backup update#
It figures out what’s running on them and delivers a payload that will encrypt every file and display a ransom notice.įor example, it could find a server running Windows 10 without a certain security update it would exploit that vulnerability.
It scans the network looking for more endpoints that its payload can exploit. Ransomware is usually executable, running as a process on an endpoint, like a computer, server, network switch, router, IoT device or smartphone. It has taken on new urgency in an era when they’re worrying more about ransomware, which causes so much more havoc. The concept of the air gap has been around ever since administrators started worrying about viruses infecting their data, causing havoc like downtime, loss of data and loss of revenue. The air gap backup is a way of putting your backup onto media that is physically disconnected from your network. That’s why almost anytime you hear about an air gap, it’s in the context of protecting your backup data. You wouldn’t air-gap your human resources system or manufacturing applications you need them to be constantly online. It’s a trade-off between security and usefulness.
#Air gapped backup software#
But almost every good use of a computer - the web, email, conference calls, collaboration, software as a service - requires a network connection.
#Air gapped backup Offline#
You can work offline if you have applications for word processing, spreadsheets and productivity installed on it.
The problem is that there aren’t many things you can do with an air-gapped device. They can’t jump an air gap, so they can’t cause trouble. Almost all attack vectors depend on a network connection to spread and infect devices like PCs and servers. Why would you want an air gap between a device and your network? The main reason is security. It is completely separated, and as far as the network is concerned, the device does not exist. The device has no physical network connection and is not accessible over the network. If you take a device, disable its wireless connections (like Wi-Fi, cellular and Bluetooth) and unplug its wired connections (like Ethernet and Powerline), then you’ve air-gapped it. What is an air gap?Īn air gap is the lack of connection between a device and the rest of the network. After all, it isn’t the most popular form of data protection, and it certainly isn’t the most convenient.īut if you find out someday that your backups are corrupted, ransomed or lost, then you may realize that an air gap would have been a good idea. When you think about network security, an air gap may not be the first thing that comes to mind.
0 kommentar(er)
